IDS Snort rules: Bleeding Edge Threats rules

This section of the Snort Report on Snort IDS rules covers rules provided by Bleeding Edge Threats (BET).

Matt Jonkman and James Ashton founded Bleeding Edge Threats (BET) (previously Bleeding Edge Snort) in 2003 as a focus point for a variety of projects related to intrusion detection. BET's most popular rule set is BSD licensed and requires no registration. There are other rules available, too.

I recommend using both Sourcefire VRT rules and BET rules on sensors. Sourcefire VRT rules are backed by a professional rule development team with millions of dollars of testing equipment at its disposal and specialized tools for signature generation, so they tend to be solid and well-tested. BET releases rules almost immediately upon discovery of a network-based attack, so they can be rough around the edges and less tested. I have found many interesting network activities only using BET rules, however.

About the author
Richard Bejtlich is founder of TaoSecurity, author of several books on network security monitoring, including Extrusion Detection: Security Monitoring for Internal Intrusions, and operator of the TaoSecurity blog.

This was first published in April 2007
